All Posts

All Posts

Is AI Consent putting your GP practice at risk?

Don't use the word consent, it's misleading AI in healthcare is powerful—and different. It’s new to many patients, and care settings come with an inherent power imbalance: people are unwell, worried, time-pressed, and reliant on clinicians. Because we are not permitted to use consent (the Information Commissioner has confirmed this to us), the ethical—and practical—answer is more transparency, earlier, and in layers. Putting it bluntly: it is not acceptable to spring a one-li

4 days ago3 min read

Why Your AI Supplier Won't Explain

Opacity in your supply chain isn’t always about them having something to hide. Opacity has many faces; some calculated, some careless, and some very ordinary. When we buy or inherit algorithmic systems, we may find that AI vendors speak the language of the sales deck and that algorithmic snake oil. Yet when DPOs ask how the model actually works, that models are in the pipeline and their source, the conversation often stops at “commercial sensitivity" or worse, confused silenc

4 days ago3 min read

ISO 27001 Physical Controls - Still Important in a Cyber World?

Let’s be honest - when most people think about information security these days, their minds jump straight to the cyber side of things. Firewalls, MFA, phishing, ransomware etc, - the digital world tends to dominate the conversation. But here’s the thing, even the best cyber security in the world won’t help if someone can simply walk into your office and plug a USB stick into something or reach over the counter and grab some sensitive paperwork. ISO 27001 Physical Controls are

6 days ago4 min read

How do I know if an AI tool is safe to use?

I find that, when small organisations start exploring AI, whether to automate recruitment, triage enquiries, or analyse customer data, the conversation usually begins with excitement. New efficiencies, lower costs, smarter insights are all on the table. But the more important conversation, the one that rarely takes place early enough, is about safety. Not safety in the technical sense of cybersecurity, but in the broader human sense: is this system safe to use on the people y

Oct 243 min read

Bring Your Own AI - The Risks for Data Protection

It’s becoming common to see employees using their own AI tools at work; like a comms officer who drafts with ChatGPT, a finance manager who automates reconciliation through a plug-in, a policy lead who runs data through an “AI summariser” to save time. Small, pragmatic innovations emerge as people find ways to work within systems that often struggle to keep pace with real-world demands. For Data Protection Officers, this “Bring Your Own AI” trend is both inevitable and risky.

Oct 223 min read

Locums and 'Bring your own Tech'

Across the NHS and wider health sector, locums and temporary clinicians are often essential to keeping services running. They move between organisations, adapt quickly, and bring a wealth of experience. But increasingly, my customers tell me, they’re also bringing their own technology. That might mean the familiar dictation software they use in their main practice, a personal transcription app, or even an AI-powered scribe that listens, writes, and structures their notes. Whi

Oct 223 min read

Why Simple Fixes for Missing Data Can Create Big Problems in AI

When building AI systems, missing data is unavoidable. Maybe patients didn’t report their income, maybe students skipped a survey, maybe a sensor failed. To keep things moving, developers often use quick fixes like mean imputation , replacing missing values with the average of what’s there. It sounds harmless. But in practice, it can quietly introduce bias, reduce accuracy, and create unfair outcomes. What is imputation? Imputation is the process of filling in missing values

Oct 142 min read